Update release notes.

author: Tom Christie 2013-01-22 17:42:06 +0000
committer: Tom Christie 2013-01-22 17:42:06 +0000
commit: cf52c0e044882a98892bc3d5700b8952ed9c4e49 (patch)
tree: 79e1f5164c2d8577ba8175654a7bff704805ffec
parent: 998c245f7252d4ad39a48943c38c936e3d7a8c5c (diff)
download: django-rest-framework-cf52c0e044882a98892bc3d5700b8952ed9c4e49.tar.bz2
1 files changed, 3 insertions, 0 deletions
diff --git a/docs/topics/release-notes.md b/docs/topics/release-notes.md
index 58471a79..ebbe6876 100644
--- a/docs/topics/release-notes.md
+++ b/docs/topics/release-notes.md
@@ -18,11 +18,14 @@ Major version numbers (x.0.0) are reserved for project milestones.  No major poi
 
 ### Master
 
+* Support proper 401 Unauthorized responses where appropriate, instead of always using 403 Forbidden.
 * Support json encoding of timedelta objects.
 * `format_suffix_patterns()` now supports `include` style URL patterns. 
 * Bugfix: Return proper validation errors when incorrect types supplied for relational fields.
 * Bugfix: Support nullable FKs with `SlugRelatedField`.
 
+**Note**: If the primary authentication class is `TokenAuthentication` or `BasicAuthentication`, a view will now correctly return 401 responses to unauthenticated access, with an appropriate `WWW-Authenticate` header, instead of 403 responses.
+
 ### 2.1.16
 
 **Date**: 14th Jan 2013
author	Tom Christie	2013-01-22 17:42:06 +0000
committer	Tom Christie	2013-01-22 17:42:06 +0000
commit	cf52c0e044882a98892bc3d5700b8952ed9c4e49 (patch)
tree	79e1f5164c2d8577ba8175654a7bff704805ffec
parent	998c245f7252d4ad39a48943c38c936e3d7a8c5c (diff)
download	django-rest-framework-cf52c0e044882a98892bc3d5700b8952ed9c4e49.tar.bz2